Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
testlink testlink 1.9.20 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2020-12273
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials.
Testlink Testlink 1.9.20
668
VMScore
CVE-2020-12274
In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session.
Testlink Testlink 1.9.20
668
VMScore
CVE-2020-8638
A SQL injection vulnerability in TestLink 1.9.20 allows malicious users to execute arbitrary SQL commands in planUrgency.php via the urgency parameter.
Testlink Testlink 1.9.20
NA
CVE-2022-35194
TestLink v1.9.20 exists to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php.
Testlink Testlink 1.9.20
578
VMScore
CVE-2020-8639
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated malicious user to upload a malicious file (containing PHP code...
Testlink Testlink 1.9.20
NA
CVE-2022-35193
TestLink v1.9.20 exists to contain a SQL injection vulnerability via /lib/execute/execNavigator.php.
Testlink Testlink 1.9.20
NA
CVE-2022-35196
TestLink v1.9.20 exists to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php.
Testlink Testlink 1.9.20
668
VMScore
CVE-2020-8637
A SQL injection vulnerability in TestLink 1.9.20 allows malicious users to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter.
Testlink Testlink 1.9.20
2 Github repositories
NA
CVE-2022-35195
TestLink 1.9.20 Raijin exists to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php
Testlink Testlink 1.9.20
NA
CVE-2023-50110
TestLink up to and including 1.9.20 allows type juggling for authentication bypass because === is not used.
Testlink Testlink
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »